Command Injection Vulnerability in BeyondTrust Privileged Remote Access and Remote Support
CVE-2023-4310

9.8CRITICAL

Key Information:

Vendor: Beyondtrust
Status: Privileged Remote Access (pra); Remote Support (rs)
Vendor: CVE Published:; 5 September 2023

🔔 Create Beyondtrust Vulnerability Alert

What is CVE-2023-4310?

BeyondTrust's Privileged Remote Access (PRA) and Remote Support (RS) versions 23.2.1 and 23.2.2 are susceptible to a command injection vulnerability. This issue arises when a malicious HTTP request is sent, potentially enabling an unauthenticated attacker to execute commands on the underlying operating system in the context of the affected user's privileges. The vulnerability has been addressed in version 23.2.3.

Affected Version(s)

Privileged Remote Access (PRA) 23.2.1

Privileged Remote Access (PRA) 23.2.2

Remote Support (RS) 23.2.1

References

https://www.beyondtrust.com/blog/entry/security-update-fo...

https://beyondtrustcorp.service-now.com/csm?id=kb_article...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 5, 2023
Vulnerability Reserved
Aug 11, 2023